Five Critical Steps to Make WordPress GDPR Ready

GDPR Message from Elliot Forte – Director at Business Think

“I’ve resisted offering a GDPR solution to date. We are a marketing company and our business is creating opportunity, not countering threat. However, in recent weeks I have been asked by businesses to give advice on the implications for websites, particularly WordPress.

There is no doubt that the risk of legal action for failure to meet GDPR requirements is real and the penalty of 4% turnover is alarming. However, I believe that a degree of perspective on the new regulations should be maintained.

I have spoken to the GDPR enforcement agency, the Information Commissioners Office (ICO), several times and have only ever found their approach supportive and helpful. This is borne out by their actions. ICO statistics show that over the past 12 months the ICO has overseen just 39 monetary penalties, 20 prosecutions and 18 enforcement notices in the United Kingdom.

Over a 12 months period, a total of 20 prosecutions by the ICO in a UK business population of over 5 million organisations.

Source: https://ico.org.uk/action-weve-taken/enforcement

We do believe in GDPR, but not because of the threat of prosecution. We believe in the new regulations because it is going to generate business benefits for everyone, particularly online.

Email marketing lists are going to be smaller but more powerful (true advocates). Security of websites is going to be heightened. Consumers are going to have added control of their data and respect brands that demonstrate they take that responsibility seriously. 

The five critical steps towards online GDPR readiness are not complex and should be within the capability of most businesses with a modicum of technical knowledge. This information will point you in the right direction. If you prefer us to make the improvements and manage the entire process, then order a GDPR 5 Upgrade.” (22 May 2018)

GDPR Support

GDPR regulations come into force on 25th May 2018. With less than a week to go until the deadline, our GDPR 5 Upgrade is a quick and easy solution to help your digital marketing and WordPress website comply with the new regulations.

The Information Commissioners Office (ICO) is the enforcer of the new regulations. In January 2018 an ICO GDPR Helpline representative advised that:

“We will not have zero tolerance on May 25th. We will support businesses who are still trying to comply and can show evidence of taking positive steps towards compliance.”

A GDPR 5 Upgrade will provide that tangible evidence and improve your website.


The ICO guidance on GDPR confirms that, “If the information collected about website use is passed to a third party you should make this absolutely clear to the user.”

Under the GDPR regulations, consent must be agreed to using a clear action such as an opt-in tick box prior to setting cookies. Simply visiting a site no longer counts as consent.

Under GDPR, an IP address is personal data owned by the data subject. This information is transferred when tracking takes place using services such as Google Analytics, social media advertising and live chat.

Our recommended solution is soft opt-in consent. We will add a pop-up alerting your visitors that you are about to set cookies, explain what the cookies do and offer the person a choice to agree or refuse to accept the cookie. Cookie consent is clear and unambiguous.


Under GDPR the website owner is now responsible for ensuring visitors know how their data will be stored, where and why. A GDPR compliant Privacy Policy (including a Cookies statement) must clearly set out this information for the visitor.

It is unlikely your current Privacy Policy and Cookie statement is GDPR compliant, as new requirements have been introduced requiring added transparency on what you do with visitor data. There is also a new level of scrutiny on securing data in terms of storage and transmission over the Internet.

Our recommended solution is to add the new information required to your policies. WordPress has introduced tools to assist with the production of GDPR compliant policies. A questionnaire will be sent to you to collect the information required and changes will be made on your behalf.


The purpose of most website forms is to collect personal data. Under GDPR you must obtain opt-in consent from visitors prior to accepting their details. The form must include information on usage and a link to the GDPR privacy policy. Consent must be clear and unambiguous. A consent check box must be a compulsory field on the form to ensure agreement is given prior to sending details.

Our recommended solution adapts forms to enable this process. We use the WordPress GDPR Privacy Policy template to produce your required document and link this to your contact forms.


Under GDPR, contacts must not be automatically added to marketing lists without consenting to receive emails using an opt-in checkbox.

In response, email marketing providers such as Mailchimp have all recently updated their terms and conditions and introduced GDPR compliant tools for customers.

Our recommendation is to update your email marketing sign up form to ensure GDPR information is provided prior to ticking an opt-in for consent. Plugins that allow users to sign-up for marketing lists must be updated to ensure the process is GDPR ready.


Websites must ensure that transmission of user data sent via the Internet is secure e.g. a contact form submission. SSL encrypts data transferred between the browser and server, reducing risk of data breach.

The case for HTTPS is now overwhelming – GDPR compliance is heightened, Google ranking benefits are awarded and customer perception of a secure website is guaranteed (the Google Chrome browser now displays security warnings about sites that do not have SSL enabled).

Our recommended solution is to apply SSL and HTTPS to your website. You may also need to upgrade to SSL hosting at your Internet Service Provider (ISP)*.

How to Order a GDPR 5 UPGRADE

With days to go, these steps cannot realistically be implemented prior to May 25th.

A written statement of commencing works will be issued immediately, creating tangible evidence of “taking positive steps towards compliance”. On completion of the upgrades, a second certificate is issued itemising GDPR improvements and specifying when they were implemented – signed and dated by Business Think Digital.

£275 Plus Vat*

*does not include ISP hosting costs to upgrade to SSL encryption – costs vary from host to host

Pay securely online

If you would like more information, please email info@businessthinkdigital.co.uk

N.B. This rate is for a single website upgrade. Offer is only available to WordPress users.

An adviser will personally project manage all the improvements and changes. This is not an automated or template solution. Deadlines for completion of works will be agreed at the outset.

We will contact you by telephone to confirm your needs. You will not be required to take any action apart from completing the simple Privacy Policy questionnaire.

Please note

If you have already implemented any of the five steps, reduced rates will apply. POA.

Business Think Digital is not a solicitor and is not providing legal advice. We are digital marketing experts and understand the implications of GDPR online. Completing the GDPR 5 Upgrade will not alter your offline responsibility for data security or guarantee overall compliance. If you require legal advice on the offline GDPR regulations, please contact a qualified legal representative.